Nationwide Security Breach Raises Priority of IT Security

Nearly a million Nationwide customers' personal information was compromised, but the fact that businesses report that cyber risk is their biggest concern shows that hackers present both threat and opportunity to the industry.

Cyber security seems likely to jump up the list of insurance CIOs' priorities in the wake of recent incidents affecting financial services companies and one of the country's largest insurers. During September, several of the nation's largest banks were targeted by a group called the Izz ad-Din al-Qassam Cyber Fighters, and during the following month Nationwide suffered a security breach that affected about a million people, some policyholders, some individuals seeking quotes.

Nationwide has acknowledged that the breach affected people in all 50 states, and several state departments of insurance have issued releases based on the insurer's notification, including Georgia, South Carolina and Iowa during the last two weeks. Last Thursday, the California Insurance Commissioner, Dave Jones, announced that his office would conduct a review of the Nationwide/Allied Group of insurance companies to ensure that the company was doing all it could to protect consumers from theft or loss of personal information. The release noted:

At this point [the California Department of Insurance] is satisfied the company is taking appropriate first steps to notify consumers whose information was accessed and providing assistance, including offering credit monitoring and identity theft protection for those impacted with $1 million in free identity theft insurance coverage with no deductible.

Identity fraud and identify theft are a large and growing problem in the financial services and data breaches of insurance company policyholder information only exacerbates the problem, notes Stephen Applebaum, a Chicago-based senior analyst with Aite Group's P&C insurance practice.

"Drivers license, credit card and other personal information enables criminals to commit fraud or crime in the name of the compromised individuals," comments Applebaum. "When drivers licenses, social security and credit card numbers are stolen or go missing, identity fraud often follows."

Travelers was the first insurance company to offer identity theft insurance to consumers, and many have since followed, Applebaum notes. In a study released last week, Travelers reported that 73% of all identity fraud is caused by burglary and theft of wallet/purse, personal identification or computer, he relates.

"The insurance industry has a fiduciary obligation to protect policyholders form this kind of exposure, and certainly not to enable it by allowing data breaches," Applebaum declares.

Cyber risk presents both a threat that insurers and other financial services companies need to prioritize, but it also presents an opportunity as suggested by Travelers' product pioneering and by the Chubb 2012 Public Company Risk Survey. The Warren, N.J.-based insurer reports that public companies are most concerned about potential litigation and financial losses in the coming year from a cyber breach.

Chubb notes that 2 in 5 companies experienced a significant cyber security issue in a recent 12-month period, according to the Computer Security Institute, that respondents to the Chubb survey identified cyber risk as their #1 concern, and that 52% of companies are dedicating additional resources toward mitigating their cyber risk, among other observations.

Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio